Unauthorized or AccessDenied exception when using SOAP Native Xml Web Services

Unauthorized or AccessDenied exception when using SOAP Native Xml Web Services

  • Comments 10

One of the common problems people face when using SQL 2005 web services for the first time is the requirement of specifying credentials in the SOAP request.  Unlike .Net Framework web services, where the server may not require credentials, SQL 2005 has a strict rule that credentials must be specified.

If your client application was developed using C# and you see the following exception:
   System.Net.WebException
   The request failed with HTTP status 401: Unauthorized.

This means that the client application is not sending any credentials or the credentials are wrong (ie. old password).

To correct the problem, specify the correct credentials to be used.  The simplest way is to specify
   proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
in the C# code, where "proxy" is the variable of the web service class.

Additional information regarding how to specify the exact type of authentication scheme to use (ie. Digest, Kerberos, or NTLM) in a C# application is available in Books Online under topic "Specifying Non-Kerberos Authentication in Visual Studio Projects".  This topic is reachable through the index by looking for "Native XML Web Services"->"writing client applications".

If your client application was developed using C# and you see the following exception:
   System.Web.Services.Protocols.SoapException
   There was an error in the incoming SOAP request packet:  Client, LoginFailure, AccessDenied
This means that the user credential you specified does not have permission to connect to the endpoint or to execute the specific web method.

To correct the problem, grant the necessary permissions to the objects related to the request (ie. Connect permissions to the endpoint; execute permissions on the stored procedure; select permissions on the table; execute permissions CLR UDT; etc.)

Jimmy Wu, SQL Server Protocols
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights

Leave a Comment
  • Please add 8 and 7 and type the answer here:
  • Post
  • Thank you.  This helped a bunch
  • Hi
    Iam getting  System.Web.Services.Protocols.SoapException
      There was an error in the incoming SOAP request packet:  Client, LoginFailure, AccessDenied for ASP.net application while calling a SQL server 2005 on the local machine
    .But the same code went thro when i used froms based c# client .
    If possible pls do explain on this.

    Thanks and Regards
    Sezhian.gk
  • Sezhian,

    How are you specifying the credential information in the ASP.net application?  I'm assuming you've set some form of credentials since you said the same code works in a C# application.

    It would really help if you can post the configuration settings for your ASP.Net application and the code snipet on how you are setting the user credentials.

    Jimmy Wu
  • This solution worked great for me. The issue for me was no credentials where being passed to the service and we are only allowed to use integrated security. I added the one line of code to the assembly and it woekd like a champ. Thanks for the help.
  • Hi Jimmy,

     This GK.Sezhian. we successfully did the demo of native xml webservices ,the credit has to be yours.Thanks a lot.

    But again i have some problems from accessing

    from a soap client running on linux machine.

    Hi Jimmy is it possible for you give a sample soap request with credentials for sql server login .

    Just i wish to test by issuing a plain soap request using httpconnector from java/perl and

    get the results back.(Through ssl).

    Thanks and Regards

    Sezhian.gk

  • Hi Sezhian.gk,

    It's great to hear that the demo worked.

    Regarding the ability to connect and login using SQL user credentials, please note that the SQL Server itself must allow SQL user logins.  On top of that the Endpoint must also allow SQL user logins.  As far as the SOAP structure goes, we leverage the WS-Security SOAP header structure.

    Here's a sample SOAP request using sql user login:

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

     <SOAP-ENV:Header>

       <wsse:Security  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

         <wsse:UsernameToken>

           <wsse:Username>sa</wsse:Username>

           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>

         </wsse:UsernameToken>

       </wsse:Security>

     </SOAP-ENV:Header>

     <SOAP-ENV:Body>

     .....

     </SOAP-ENV:Body>

    </SOAP-ENV:Envelope>

    For additional details please refer to http://msdn2.microsoft.com/en-us/library/ms180919.aspx

    Jimmy

  • PingBack from http://famousquotes.247blogging.info/?p=409

  • i am trying to validate a web user throug Roles and Membership classes and i have given the connection string in the web.config of web service project but i am getting the following exception

    System.Data.SqlClient.SqlException: Login failed for user 'ZEESHAN-D23A42A\ASPNET'.

      at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)

      at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)

      at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

      at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)

      at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)

      at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)

      at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)

      at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)

      at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)

      at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)

      at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)

      at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)

      at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)

      at System.Data.SqlClient.SqlConnection.Open()

      at System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate)

      at System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation)

      at System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate)

      at System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat)

      at System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved)

      at System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password)

      at System.Web.Security.Membership.ValidateUser(String username, String password)

      at Service.ValidateUser() in h:\WebProjects\LoginService\App_Code\Service.cs:line 41

  • I am using this and it works for me.  The point here is that we need to include "System.Net.ICredentials credentials = new System.Net.NetworkCredential("userIdxxx", "Passwordxxx", "domainxxx")";

    com.abcCompany.Project1.account_endpoint objProxy = new com.clickable.eds.business_endpoint();

    System.Net.ICredentials credentials = new System.Net.NetworkCredential("userIdxxx", "Passwordxxx", "domainxxx");

    objProxy.Credentials = credentials;

    Object objData = objProxy.GetBalanceSheet();

  • PingBack from http://www.tomdonohue.co.uk/blog/2009/02/06/access-denied-when-connecting-to-sql-server-endpoints/

Page 1 of 1 (10 items)